US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Information Security Management System

    Protect data in your institution or company

    Information is a powerful resource that, in the wrong hands, can lead organizations to bankruptcy, change valuations, arrange tenders and even influence human behavior. These are just some of the reasons why large companies and public institutions that collect and process huge amounts of sensitive data bear the burden of responsibility. As security experts, we understand this burden, so we will help you prepare for every eventuality and protect them against theft, accidental leakage or loss. The tool that best fulfills this role is the Information Security Management System.

    What is ISMS?

    It is a set of procedures, guidelines, specific tools, measures and roles that enable effective protection of information in the organization.

    A well-prepared Information Security Management System takes into account:

    • Implementation goals
    • Information security guidelines, such as password management, data classification and access control procedures
    • Detailed process descriptions for all specific scenarios
    • Defining roles, division of responsibilities and method of supervision over compliance with the policy
    • Prevention methods
    • Ways to minimize losses
    • Internal policies
    • Backup methods
    • Disaster recovery
    • Guidance on expanding and improving protection.

    The whole thing should not only be tested and updated on an ongoing basis but above all – improved.

    ISMS SZBI security information guidelines

    Who should implement the ISMS?

    Public organizations

    Since 2012, public institutions have been obliged to build an information security system in such a way as to prevent unauthorized persons from accessing citizens’ data.

    However, practice shows that many of them do not have the appropriate resources and competencies to properly adapt to legal requirements, not even taking into account their own initiative. Policies are created ad hoc, and the documentation itself is full of gaps, simplified and is only verified during an audit.

    Private companies

    The situation is similar in the private sector. Organizations most often do not pay much attention to adequate preparation for incidents until they occur.

    Ultimately, it often turns out that despite the resource-intensive process of creating a security policy, it involves fewer resources than required to recover data or pay penalties or compensation.

    Check security solutions with configuration

    Why should the ISMS be the basis of the security system?

    Building a competitive advantage

    through security certificates and customer trust

    Organizing internal processes

    related to security

    Minimizing the risk of downtime

    caused by loss of data or access to it

    Minimizing the risk of penalties

    for incidents or failure to comply with legal requirements

    Building employee awareness

    in the field of cyber security and social engineering recognition

    How to prepare an ISMS from scratch?

    Administrators in public entities consider ISMS to be an unpleasant obligation, and private companies point out that the process of creating the system is time-consuming and complicated. However, it is worth considering universal benefits that go beyond basic security measures.

    We comprehensively protect our clients' systems, which is why we want the ISMS not to be just empty documentation, necessary only for the duration of an audit. We pay great attention to testing, system monitoring and, above all, education.

    The implementation process of the Information Security Management System is carried out in six stages:

    number_1 list


    We identify potential threats, determine critical areas, and determine the type and method of storing protected information.

    numer 2


    We define the objectives of the ISMS implementation, taking into account the type of organization and the direction of its development



    We develop specific safety rules and standards that reflect the company’s goals and needs


    We develop processes for dealing with various scenarios, such as incidents, access controls and password management


    We involve stakeholders such as CISOs, security engineers, managers and the legal department. We make sure that the entire project is consistent with the assumptions and that decision-makers understand their roles and support the implementation.


    We make sure that the policy is available and understandable to all employees, and then we provide the necessary training.

    A security system is only as effective as its weakest links, so it is especially important to take care of:

    ISO 27001 – the highest safety standards

    The international standard ISO 27001 sets the standards for modern security systems. It covers the entire ISMS cycle, from implementation, through operation, to further development. Strict guidelines create tools that make risk assessment easier, guide the creation of policies and define ways of managing information. Following good practices not only guarantees safety, but also creates the opportunity to obtain a world-famous certificate that will help gain the trust of contractors.

    Expert knowledge, effective protection

    We design protection systems at all stages, which is why we know perfectly well the threats lurking in the modern world and how to avoid them. In line with best practices at Grandmetric, we prepare organizations for auditing, obtaining a certificate or recertification, and the solutions we implement meet all ISO 27001 standards.

    If you care about your and your customers' safety, contact us!

      Get in touch

      You hereby agree that Grandmetric can call you to process the given request. You also agree to obtain marketing information such as our newsletter. More about how we collect and process personal data in Privacy Policy.